Snmpv1 And V2; Snmp Workflow - Cisco 300 Series Administration Manual

SNMP
SNMP Versions and Workflow
NOTE
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

SNMPv1 and v2

To control access to the system, a list of community entries is defined. Each
community entry consists of a community string and its access privilege. The
system responds only to SNMP messages specifying the community which has
the correct permissions and correct operation.
SNMP agents maintain a list of variables that are used to manage the device.
These variables are defined in the Management Information Base (MIB).
Due to the security vulnerabilities of other versions, it is recommended to use
SNMPv3.
SNMPv3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies
access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs.
SNMPv3 also defines a User Security Model (USM) that includes:
• Authentication—Provides data integrity and data origin authentication.
• Privacy—Protects against disclosure message content. Cipher Block-
Chaining (CBC-DES) is used for encryption. Either authentication alone can
be enabled on an SNMP message, or both authentication and privacy can
be enabled on an SNMP message. However, privacy cannot be enabled
without authentication.
• Timeliness—Protects against message delay or playback attacks. The
SNMP agent compares the incoming message time stamp to the message
arrival time.
• Key Management—Defines key generation, key updates, and key use. The
device supports SNMP notification filters based on Object IDs (OID). OIDs
are used by the system to manage device features.

SNMP Workflow

For security reasons, SNMP is disabled by default. Before you can
NOTE
manage the device via SNMP, you must turn on SNMP on the Security >TCP/
UDP Services page.
26
522